Computable Analysis, Hybrid Automata, and Decision Procedures (Extended Thesis Abstract)
Size: px
Start display at page:

Download "Computable Analysis, Hybrid Automata, and Decision Procedures (Extended Thesis Abstract)"

Transcription

1 Computable Analysis, Hybrid Automata, and Decision Procedures (Extended Thesis Abstract) Sicun Gao 1 Introduction 1.1 Overview Cyber-Physical Systems (CPS) are systems that integrate digital computation with the physical environment. They include almost every complex piece of machinery around us, from airplanes to nuclear plants to cardiac pacemakers. In these systems, computation units process information from a physical plant to control it in real-time. Despite their ubiquitous and safety-critical applications, the search for systematic theories and techniques for the analysis and design of these systems has seen limited success. The main difficulty comes from their tight integration of discrete and continuous components, as studied in the area of hybrid systems. Formal verification of hybrid systems has appeared fundamentally unattainable. Theoretically, verifying safety of simple hybrid systems is highly undecidable. Practically, the lack of powerful reasoning engines in this domain prevents the use of advanced formal verification techniques. My thesis develops a framework to overcome these barriers. Theoretical negative results on verification of hybrid systems mostly refer to the limitations of precise and symbolic algorithms. We show that an appropriate relaxation leads to strong decidability and complexity results, both for the decision problems of the underlying logic formulas and the verification problems. The key step is to develop a notion of numerical approximations in the standard decision problems. We define the δ-decision problem, where δ is any positive rational number: for a formula ϕ, we ask whether ϕ is true or a δ-perturbation of ϕ is false (or the other way around). Here, a δ-perturbation of a formula is a syntactic variant of it, obtained by modifying some of its constant terms up to δ. The key theorem is that the δ-decision problem is decidable for sentences with bounded quantifiers in first-order theories over the reals with arbitrary Type 2 computable functions, which are essentially numerically computable real functions. This notion of numerical computability has been studied extensively in the field of computable analysis, which applies to most well-known continuous functions including transcendental functions and solution functions of differential equations. The δ-decidability results stand in sharp contrast with the well-known undecidability of first-order formulas over the reals with trigonometric functions. We then show that δ-decidability leads to a new framework for hybrid system verification. We describe hybrid automata using first-order formulas with Type 2 computable functions, which are expressive enough for almost all systems of practical relevance. We define the notion of δ-reachability for hybrid automata using δ-perturbations on first-order formulas. The decidability and complexity results of the logic formulas then transfer to bounded δ-reachability problems of hybrid automata. Again, such results bypass the well-known high undecidability of reachability for simple hybrid systems. In practice, the new framework allows us to exploit the full power of numerical methods in decision problems and formal verification. We define the notion of δ-complete decision procedures, which serves as a performance requirement for using numerically-driven procedures in formal verification. We show an analysis of the powerful constraint solving framework Interval Constraint Propagation (ICP), and formalize conditions

2 under which it is δ-complete. We have built a practical tool dreal combining ICP in the DPLL(T) framework. It has successfully solved logic formulas with hundreds of nonlinear differential equations or transcendental functions. This tool is the backend of a hybrid system verification tool dreach, which has efficiently handled real-world nonlinear hybrid system models that are much beyond the reach of other existing tools. I will sketch the main results in each part of the thesis. Section 2 contains theoretical results on δ-decidability over the reals. Section 3 gives a framework for reachability analysis of hybrid systems based on δ-decidability. Section 4 gives the framework of δ-complete decision procedures as the underlying solving engine. Section 5 introduces the practical tools that implement the framework. 1.2 Related Work Safety Verification of Hybrid Automata. Hybrid automata are infinite-state systems that combine discrete and continuous parts, it is not surprising that their safety verification problems can be very difficult. Along with the first definition of hybrid automata in [4, 3], it is already shown that the reachability problem for simple classes of hybrid automata, with only constant-rate continuous dynamics, is undecidable. In fact, it can be shown that reachability problems for piecewise-linear systems are already hard enough to encode any problem in the analytic hierarchy [10]. Such very strong negative results seem to indicate that formal verification of realist ic hybrid automata is inherently impossible. Thus, existing approaches have either focused on the simplest decidable classes (timed automata [4]), which can be reduced to discrete systems, or heuristic algorithms for some undecidable classes. We can categorize these approaches based on whether they focus on computing representations of the sets of the reachable states (model-theoretic) or constructing logic proofs of correctness (proof-theoretic). On the model-theoretic side, Reachable Set Computation methods compute reachable states of a hybrid automaton to decide if the safety properties can be falsified. They key challenge is to find suitable representations for the set of reachable states and efficient algorithms for manipulating them. The tool HYTECH was the first model checker to implement symbolic reachability analysis for hybrid systems [5]. It is based on representing the reachable states by polyhedra, where a polyhedron is represented by a conjunction of linear inequalities. The models are restricted to the class of hybrid automata with constant dynamics. The approach is then generalized to handle linear differential equations, as implemented by the tools CheckMate [12] and d/dt [6], using polyhedra to compute flowpipe approximations. It is worth noting that the complexity of operations on polyhedra is usually exponential in the number of dimensions, which makes it hard for the reachable set computation to scale. Recent progress involves using Zonotopes and support functions [19, 20], which leads to more efficient algorithms for handling linear systems. On the other hand, the main drawback of the method is the difficulty with handling logic operations in the discrete jumps using the geometric approximations. In general, explicit reachable set computation has been shown possible only for very limited classes of hybrid automata. On the proof-theoretic side, Deductive Verification methods uses theorem provers for proving correctness. Such methods are based on identifying inductive invariants, and avoid the iterative calculation of the reachable state sets and is not limited to linear hybrid automata. The tool KEYMAERA [28], based on Differential Dynamic Logic [27, 25, 26], provides support for constructing proofs for correctness by certifying inductive invariants. The proof engine relies on external symbolic algorithms for quantifier elimination in real arithmetic, which puts a constraint on the overall scalability and expressiveness. In most cases such inductive invariants need to be suggested by the user. Automated generation of inductive invariants has remained an active area of research [30, 30]. Decision Procedures over the Reals. While efficient algorithms [14] exist for deciding SMT problems with only linear real arithmetic, practical problems normally contain nonlinear polynomials, transcendental functions, and differential equations. Solving formulas with these functions is inherently intractable. Decision algorithms [13] for formulas with nonlinear polynomials have very high complexity [11]. A more fundamental problem is the lack of 2

3 expressiveness: many problems in the intended domains of application cannot even be expressed in the language of real-closed fields. When the sine function is involved, the SMT problem is undecidable, and only partial algorithms can be developed [7, 2]. The symbolic approaches include Cylindrical Decomposition [13], with significant recent improvement [24,?], and Gröbner bases [29]. A drawback of symbolic algorithms is that it is restricted to arithmetic, namely polynomial constraints, with the exception of [1]. On the other hand, many practical solvers incorporate scalable numerical computations. Examples of numerical algorithms that have been exploited include optimization algorithms [9, 23], interval-based algorithms [16, 15, 18], Bernstein polynomials [22], and linearization algorithms [17]. In these existing approaches, the numerical algorithms are used as partial heurstics, and there is no framework for comparing their power or formulating correctness guarantees. 2 δ-decidability over the Reals Tarski s celebrated result that the first-order theory of real arithmetic is decidable has had a profound impact on automated theorem proving, and has generated much attention in application domains such as formal verification, control theory, and robotics. The hope is that practical problems can be encoded as first-order formulas and automatically solved by decision procedures for the theory. However, in spite of extensive research in optimizing the decision algorithms, there is still a wide gap between the state-of-the-art and the majority of problems in practice. One reason is the procedures high computational complexity: general quantifier elimination, even restricted to a linear signature, has a doubly exponential lower-bound. A more fundamental problem is the lack of expressiveness: many problems in the intended domains of application cannot even be expressed in the language of real-closed fields. Problems from formal verification and control design can appear much beyond what can be currently solved, because of the use of differential equations, alternating quantifiers, as well as their sheer scale. It is well known that even the set of Σ 1 sentences in a language extending real arithmetic with the sine function is already undecidable. This seems to indicate that developing general logic-based automated methods in these domains is at its core impossible. Our goal is to show that a slight change of perspective provides a completely different, and much more positive, outlook. It is important to note that the theoretical negative results only refer to the problem of deciding logic formulas symbolically and precisely. In this setting, the numerical computability of real functions remains mostly unexploited. This hardly reflects the wide range of solving techniques in practice. For instance, in the Flyspeck project, the nonlinear formulas are proved using various numerical optimization techniques, including linear programming, interval analysis, and Bernstein approximations. In the field of formal verification of real-time systems, a recent trend in developing decision solvers that incorporate numerical methods has also proved very promising. It is natural to ask whether such practices can be theoretically justified in the context of decision problems for first-order theories. Namely, can we give a characterization of the first-order formulas that can be solved using numerically-driven procedures, and if so, bound the complexity of these procedures? Can we formulate a framework for understanding the guarantees that numerically-driven decision procedures can provide? Can we provide general conditions under which a practical verification problem has a satisfactory solution? We answer these questions affirmatively. The key is to shift to a δ-relaxed notion of correctness, which is more closely aligned with the use of numerical procedures. An informal description of what we can show is as follows. In a very general signature that contains all the aforementioned real functions, there exists an algorithm such that given an arbitrary sentence ϕ involving only bounded quantifiers, and an arbitrary small numerical parameter δ, one of the following decisions is returned: ϕ is true; The δ-strengthening of ϕ is false. The δ-strengthening of a formula, defined below, is a numerical perturbation which makes it slightly harder for the formula to be true. For example, the strengthening of x I. x > 0, where I is the bound on the quantifier, is 3

4 x I. x > δ. Thus the algorithm reports either that the given formula is true, or that some small perturbation makes it false. These two cases are not mutually exclusive, and in the grey area where both cases hold the algorithm is allowed to return either value. We refer to this problem (as well as the dual problem defined below using the δ- weakening of formulas) as the δ-relaxed decision problem, or simply the δ-decision problem. The restriction to bounded quantifiers is reasonable, since in practical problems real-valued variables are typically considered within some range. Here is another way of thinking about our main result. Given a small δ, we can consider the set of first-order sentences with the property that their truth values remain invariant under δ-strengthening (or δ-weakening). Such sentences can be called δ-robust, in that they do not fall into the grey area mentioned in the last paragraph. We believe that, in situations like the Flyspeck project where numerical methods are used, it is implicitly assumed that the relevant assertions have this property. Our algorithm, in particular, decides the truth of bounded δ-robust sentences in a general signature. Moreover, we show that the δ-decision problems reside in reasonable complexity classes. For instance, if the signature is given by extending arithmetic with exp and sin, the δ-decision problem for bounded Σ 1 -sentences is only NP-complete. This should be compared with the undecidability of sentences in this class in the ordinary setting. As another example, the δ-decision problem for arbitrarily-quantified bounded sentences with Lipschitzcontinuous ordinary differential equations is PSPACE-complete. The fact that this complexity is not higher than that of deciding quantified Boolean formulas is striking. The general signature we mentioned above refer to arbitrary Type 2 computable functions. We now formally state our results. Let F be any collection of Type 2 computable real functions. First, there exists an algorithm such that given any L F -sentence ϕ containing only bounded quantifiers, and any positive rational number δ, decides the δ-relaxed decision problem. Secondly, suppose all the functions in F are in a Type 2 complexity class C (closed under polynomial-time reduction), then the δ-relaxed decision problem for Σ n -sentences in L F resides in (Σ P n ) C. Moreover, the relaxations are necessary. Without either boundedness or δ-relaxation, the general problem would remain undecidable. 2.1 Computable Functions over the Reals We can encode any real number as an infinite sequence of rational numbers. We write the set of dyadic rational numbers as D = {m/2 n : m Z, n N}. Definition 2.1 (Names). For each real number x, a name of x is any function φ : N D that binary-converges to x. That is, n N, φ(n) x 2 n. Note that this representation is not unique. We write CF x to denote the set of all φs that binary-converge to x. A real number x is computable, if there exists a computable function φ CF(x). We can compute a real function f : R R if there is a machine M that, given the representation of any argument x R of the function, computes the representation of its value f(x). Such computation can be realized by function-oracle machines in the following way. The input x is given to M by some φ CF x as a function oracle, and the precision 2 n is given as an integer n in unary notation (a string 0 n ) as an input to M. M computes f(x) by repeating two steps: first, it decides the precision of the input needed for producing an output of the desirable precision 2 n ; second, it queries the function oracle to obtain an approximation of the input and compute the output. Namely, M queries the oracle for φ(m), which by definition satisfies φ(m) x 2 m and computes an output d Q with d f(x) 2 n, using φ(m). This is the intuition behind the following formal definition of computable real functions. Definition 2.2 (Computable Real Functions). A real function f : R R is computable, if there is a functionoracle Turing machine M such that for every x R and every φ CF x, given any i N, the machine uses φ as an 4

5 oracle, and n as the input, and computes a rational number M φ (i) Q, such that M φ (i) f(x) 2 i. In other words, M computes a function ψ that Cauchy-represents f(x). We say a function f : [a, b] R is computable over [a, b] R if the above conditions hold for all x [a, b]. A most important property of computable functions is that they must have a computable modulus of continuity. Basically, if a function has a computable uniform modulus of continuity, then fixing any error bound 2 i, we can compute a global error bound 2 m f (i) such that using any 2 m f (i) -approximation of x, f(x) can be obtained with error smaller than 2 i. Most standard real functions are Type 2 computable, including: arithmetic, absolute value function, min and max, polynomials with computable coefficients, exponential, trigonometric, square root, and logarithm functions, and solution functions of Lipschitz-continuous ordinary differential equations are Type 2 computable. Complexity Classes of Type 2 Functions. Let the ordinary complexity classes such as P, NP, Σ P k, PSPACE for decision problems be defined in the standard way. Complexity of real functions is usually defined over compact domains. Without loss of generality, we consider functions over [0, 1]. Intuitively, a real function f : [0, 1] R is (uniformly) P-computable (PSPACE-computable), if it is computable by an oracle Turing machine M f that halts in polynomial-time (polynomial-space) for every i N and every x dom(f). Formally, we use the following standard definition: Definition 2.3. A real function f : [0, 1] n R is in P C[0,1] (resp. PSPACE C[0,1] ), iff there exists a representation (m f, θ f ) of f such that m f is a polynomial function, and for any d (D [0, 1]) n, e D, and i N, θ f (d, i) is computable in time (resp. space) O((len(d) + i) k ) for some constant k. Most common real functions reside in P C[0,1] : absolute value, polynomials, binary max and min, exp, and sin are all in P C[0,1]. It has been that solutions of Lipschitz-continuous differential equations are PSPACE C[0,1] -complete. 2.2 L RF -Formulas We consider first-order formulas with Type 2 computable functions interpreted over the reals. We write F to denote an arbitrary collection of symbols representing Type 2 computable functions over R n for various n. We always assume that F contains at least the constant 0, unary negation, addition, and the absolute value. (Constants are seen as constant functions.) Let L F be the signature F, >. L F -formulas are always evaluated in the standard way over the corresponding structure R F = R, F, >. It is not hard to see that we only need to use atomic formulas of the form t(x 1,..., x n ) > 0 or t(x 1,..., x n ) 0, where t(x 1,..., x n ) are built up from functions in F. This follows from the fact that t( x) = 0 can be written as t( x) 0, t( x) < 0 as t( x) > 0, and t( x) 0 as t( x) 0. We then take expressions s < t and s t to abbreviate t s > 0 and t s 0, respectively. Moreover, when a formula is in negation normal form, the negations in front of atomic formulas can be eliminated by replacing t( x) > 0 with t( x) 0, and t( x) 0 with t( x) > 0. In general, to avoid extra preprocessing of formulas, we give an explicit definition of L F -formulas as follows. Definition 2.4 (L F -Formulas). Let F be a collection of Type 2 functions, which contains at least 0, unary negation -, addition +, and absolute value. We define: t := x f(t( x)), where f F, possibly constant; ϕ := t( x) > 0 t( x) 0 ϕ ϕ ϕ ϕ x i ϕ x i ϕ. In this setting ϕ is regarded as an inductively defined operation which replaces atomic formulas t > 0 with t 0, atomic formulas t 0 with t > 0, switches and, and switches and. Implication ϕ 1 ϕ 2 is defined as ϕ 1 ϕ 2. We use the notation of bounded quantifiers, defined as [u,v] x.ϕ = df x.(u x x v ϕ) and [u,v] x.ϕ = df x.((u x x v) ϕ). We say a sentence is bounded if it only involves bounded quantifiers. 5

6 Expressiveness of L RF. Many standard problems related to ODE systems can be easily generalized and encoded in L RF. They motivate the development of decision procedures for the theory. We give encoding for generalizations of Initial Value Problems, Boundary Value Problems, Differential-Algebraic Equations, etc. 2.3 δ-decidability We define δ-weakening and δ-strengthening of bounded L F -sentences, which explicitly introduce syntactic perturbations in a formula. They are used to formalize the notion of δ-relaxed decision problems for L F -sentences. Definition 2.5 (δ-variants). Let δ Q + {0}, and ϕ a bounded L F -sentence of the form Q I1 1 x 1 Q In n x n.ψ[t i > 0; t j 0], where i {1,...k} and j {k + 1,..., j}. The δ-strengthening ϕ +δ of ϕ is defined to be the result of replacing each atomic formula t i > 0 by t i > δ and each atomic formula t j 0 by t j δ, that is, Q I1 1 x 1 Q In n x n.ψ[t i > δ; t j δ], where i {1,...k} and j {k + 1,..., j}. Similarly, the δ-weakening ϕ δ of ϕ is defined to be the result of replacing each atomic formula t i > 0 by t i > δ and each atomic formula t j 0 by t j δ, that is, Q I1 1 x 1 Q In n x n.ψ[t i > δ; t j δ]. We say that a sentence is δ-robust if its truth value remains invariant under δ-weakening, namely, if ϕ δ ϕ. We say ϕ is robust if it is δ-robust for some δ Q +.More precisely, we can say that a formula ϕ is robust under δ-weakening if it has this property, and define the analogous notion of being robust under δ-strengthening. The two notions have similar properties; for simplicity, we will restrict attention to the first notion below. By Proposition??, we always have ϕ ϕ δ, so ϕ is δ-robust if and only if we have ϕ ϕ δ. Since ϕ δ ϕ is equivalent to ϕ δ ϕ, saying that ϕ is robust is equivalent to saying that either ϕ is true or ϕ δ is false. Intuitively, this means that either ϕ is true, or comfortably false in the sense that no small perturbation makes it true. Main Theorem. Our main theorem is the following. Theorem 2.6 (δ-decidability). There is an algorithm which, given any bounded L F -sentence ϕ and δ Q +, correctly returns one of the following two answers: True : ϕ is true. δ-false : ϕ +δ is false. Note that the two cases can overlap. If ϕ is true and ϕ +δ is false, then the algorithm is allowed to return either one. The proof idea is that for any formula ϕ, the strictification of ϕ is equivalent to the formula α(ϕ) > 0. Whether this holds cannot, in general, be determined algorithmically, But given a small δ, we can make a choice between the overlapping alternatives α(ϕ) > 0 and α(ϕ) < δ, and this is enough to solve the relaxed decision problem. To prove the main theorem, we need the following definitions and lemmas. First, any F can be extended it as follows. Definition 2.7 (m-extension). Let F be a collection of computable functions over reals. We define the m-extension of F, written as F m, to be the closure of F with the following functions: Binary min and max: min(, ), max(, ); 6

7 Bounded min and max: min{t( x, y) : y 1 [u 1, v 1 ],..., y n [u n, v n ]}, max{t( x, y) : y 1 [u 1, v 1 ],..., y n [u n, v n ]}, where u i and v i denote arbitrary L Fm -terms that do not involve y i. It is a standard result in computable analysis that applying minimization and maximization over a bounded interval preserves computability. (This is studied in detail in Chapter 3 of [21].) Thus all functions in F m are computable. We can write the bounded min and max as min x D (t( x, y)) and max x D (t( x, y)) for short, where D = [u 1, v 1 ] [u n, v n ]. For technical reasons that will become clear in Section 2.4, we interpret [u, v] as [v, u] when v < u; one can rule out this interpretation by adding u v as an explicit constraint in the formula. We define a notion that allows us to switch between strict and nonstrict inequalities in the δ-decision problem. Definition 2.8 (Strictification). Suppose ϕ is the formula Q I x.ψ[t 1 > 0,..., t k > 0; t k+1 0,..., t m 0]. We say ϕ is strict (resp. nonstrict), if m = k (resp. k = 0), i.e., all the inequalities occurring in ϕ are strict (resp. nonstrict). The strictification of ϕ is defined to be st(ϕ) : Q I x.ψ[t 1 > 0,..., t k > 0, t k+1 > 0,..., t m > 0], that is, the result of replacing all the nonstrict inequalities by strict ones. The destrictification of ϕ is de(ϕ) : Q I x.ψ[t 1 0,..., t k 0, t k+1 0,..., t m 0], this is, the result of replacing all strict inequalities by nonstrict ones. Note that the bounds on the quantifiers are not changed in the definition. The following fact follows directly from the definition. Proposition 2.9. We have st(ϕ) ϕ and ϕ de(ϕ). (Duality) st( ϕ) is equivalent to de(ϕ). The key lemma establishes that any bounded L F -sentence can be expressed as an atomic formula in the extended signature L Fm. Lemma Let ϕ be a bounded L F -sentence. There is an L Fm -term α(ϕ) that satisfies: de(ϕ) α(ϕ) 0, and st(ϕ) α(ϕ) > 0; de(ϕ +δ ) α(ϕ) δ, and st(ϕ +δ ) α(ϕ) > δ. Now, the idea of the proof for the main theorem is as follows. For any formula ϕ, the strictification of ϕ is equivalent to the formula α(ϕ) > 0. Whether this holds cannot, in general, be determined algorithmically, But given a small δ, we can make a choice between the overlapping alternatives α(ϕ) > 0 and α(ϕ) < δ, and this is enough to solve the relaxed decision problem. 7

8 Corollaries of the main theorem. We have the following corollaries that easily follow from the main theorem. Corollary There is an algorithm which, given any bounded ϕ and δ Q +, correctly returns one of the following two answers: δ-true : ϕ δ is true. False : ϕ is false. Corollary 2.12 (Robustness implies decidability). There is an algorithm that, given δ Q + and a bounded δ-robust ϕ, decides whether ϕ is true or false. Corollary Let L be a class of bounded L F -sentences. Suppose it is undecidable whether an arbitrary sentence in L is true. Then it is undecidable, given any δ Q +, whether an arbitrary bounded L-sentence is δ-robust. This can be contrasted with the simple fact that if R F has a decidable theory, then it is decidable whether any bounded L F -sentence is robust, since the conditions can be expressed by just another bounded L F -sentence. We can contrast the above results with the following negative results, to show that both the boundedness and δ-relaxation are necessary for decidability. We allow the signature L F to be arbitrary Type 2 computable functions, then without either boundedness or robustness, L F -sentences are undecidable. Proposition There exists F such that it is undecidable whether an arbitrary quantifier-free sentence (and thus trivially bounded) in L F is true. The proof of this proposition involves adding countably many constant symbols to the language, one for each a i. Alternatively, it is not hard to define a single computable function g : Q R such that for each i N, g(i) = a i, by interpolating outputs linearly for inputs between integer values. Proposition There exists F such that it is undecidable whether an arbitrary δ-robust quantifier-free L F - sentence is true. 2.4 Complexity Results In this section we consider the complexity of the δ-decision problem for signatures of interest. In the proof of the main theorem, we have established a reduction from the δ-decision problems of L F to computing the value of L Fm -terms with alternations of min and max. The complexity of computing such terms can be exactly characterized by the min-max hierarchy over computable functions, as defined in [21]. First, we need the definition of Σ k,c[0,1] -functions. Definition 2.16 ([21]). For k 0, we say a real function f : [0, 1] R is in Σ k,c[0,1] (resp. Π k,c[0,1] ) if there exists a representation (m f, θ f ) of f, such that 1. The modulus function m f : N N is a polynomial, and 2. for all d D [0, 1] and all i N, θ f (d, n) f(d) 2 i, and the set A θf = { d, e, 0 i : e θ f (d, i)} is in Σ k (resp. Π k ). (0 i denotes the string of i zeros.) Remark Note that using membership queries to A ψ, we can easily (in polynomial-time) determine the value of ψ(d, i). Thus by replacing the third condition with P or PSPACE, we obtain the definition of P C[0,1] and PSPACE C[0,1]. It is also clear that Σ 0,C[0,1] = Π 0,C[0,1] = P C[0,1]. 8

9 The key result as shown by Ko [21] is that, if f(x, y) is in P C[0,1], then max x [0,1] f(x, y) is in NP C[0,1] : Proposition 2.18 ([21]). Let f : [0, 1] n R be a real function in P C[0,1]. Define g : [0, 1] m0 R as g( x 0 ) = max x 1 [0,1] m 1 min opt f( x 0, x 1,..., x k ) x 2 [0,1] m 2 x k [0,1] m k where opt is min if k is even and max if k is odd, and k i=0 m i = n. We then have g Σ k,c[0,1]. Following the definition of Σ k,c[0,1] -classes, it is straightforward to obtain the decision version of this result, and also to relativize to complexity classes other than P C[0,1]. Lemma Suppose f : [0, 1] n R is in complexity class C with a polynomial modulus function. Define g : [0, 1] m0 R as g( x 0 ) = max min opt f( x 0, x 1,..., x k ) x 1 [0,1] m 1 x 2 [0,1] m 2 x k [0,1] m k where opt is min if k is even and min if k is odd, and k i=0 m i = n. Then there exists a representation of g, (m g, θ g ), such that the following problem is in (Σ P k )C : given any d, e D and i N, decide if θ g (d, i) e. Now we are ready to state the complexity results for the δ-decision problems. Theorem Let F be a class of computable functions. Let S be a class of L F -sentences, such that for any ϕ in S, the terms in ϕ [0,1] are computable in complexity class C where P C[0,1] C PSPACE C[0,1]. Then, for any δ Q +, the δ-decision problem for bounded Σ n -sentences in S is in (Σ P n ) C. As corollaries, we now prove completeness results for signatures of interest. Corollary Let F be a set of P-computable functions (which, for instance, includes exp and sin). The δ-decision problem bounded Σ n -sentences in L F is Σ P n -complete. Corollary Suppose F consists of Lipschitz-continuous ODEs over compact domains. The δ-decision problem for bounded L F -sentences is PSPACE-complete. 2.5 δ-complete Decision Procedures We now focus on bounded existential formulas. They form the class of problems often referred to as the SMT problems, whose detailed algorithms will be studied in Part III. This class of problems is a special case of the general δ-decidability results we have obtained in the previous chapters. Yet, it is worthwhile to give alternative proofs in this special case which do not rely much results in computable analysis and will also be useful for understanding practical algorithms. We have defined δ-strengthening and δ-weakening of general first-order sentences. We put formulas in normal forms that contains only inequalties. Yet in the case of Σ 1 -sentences, it will be shown that using equalities is closer to the analysis of practical algorithms. Thus, we give a special definition for formulas using equalities in the normal forms. Definition 2.23 (δ-weakening of Σ 1 -sentences). Let δ Q + {0} be a constant and ϕ be a Σ 1 -sentence in standard form: ϕ := I x. m i=1 ( k i j=1 f ij( x) = 0). The δ-weakening of ϕ defined as ϕ δ := I x. m i=1 ( k j=1 f ij( x) δ). Also, a δ-perturbation is a constant vector c = (c 11,..., c mkm ), c ij R, satisfying c δ, such that the c-perturbed form of ϕ is given by: ϕ c := I x. m i=1 ( k j=1 f ij( x) = c ij ). Definition 2.24 (Bounded δ-smt in L RF ). Let F be a finite collection of Type 2 computable functions. Let ϕ be a bounded Σ 1 -sentence in L RF in standard form. The bounded δ-smt problem asks for one of the following either unsat : ϕ is false, or δ-sat : ϕ δ is true. When the two cases overlap, either decision can be returned. Definition 2.25 (δ-completeness). We say a procedure is δ-complete if it solves the δ-smt problem correctly. 9

10 3 Formal Verification of Hybrid Automata There are two main difficulties in formal verification of hybrid systems. Theoretically, it is well known that the safety verification problem for hybrid systems with very simple dynamics is highly undecidable. Consequently, a unified framework for solving the reachability problem seems impossible, especially for nonlinear hybrid systems. Some decidability results exist for restricted classes of nonlinear systems but they do not apply to the majority of realistic systems. Practically, formal analysis of hybrid systems requires both numerical computation and logical reasoning. A core requirement is the availability of efficient solving techniques for handling logical combinations of assertions over the real numbers. To model physical laws and control systems, the logic formulas in question have to contain various nonlinear real functions. The logical decision problem for such formulas is extremely hard. The lack of efficient solving engines limits the scalability of existing verification techniques for hybrid systems. Advanced verification techniques, which are successful in other domains such as hardware and software verification, are hard to apply on hybrid systems. We show that the framework of δ-decisions bring a new perspective on the problem. In practice, hybrid systems interact with the physical world and it is impossible to avoid slight perturbations; they may come from lack of precision in the sensors, errors in floating-point computation, physical disturbance in the environment, etc. Note that such robustness problems can not be discovered by solving the standard reachability problem. Thus, we argue that the notion of δ-reachability is not weaker, and in fact better suits the need of safety verification in practice. 3.1 Hybrid Automata and L RF -Representations Hybrid automata are finite automata combined with dynamical systems. concisely represent hybrid automata. We first show that L RF -formulas can Definition 3.1 (L RF -Representations of Hybrid Automata). A hybrid automaton in L RF -representation is a tuple H = X, Q, {flow q ( x, y, t) : q Q}, {inv q ( x) : q Q}, {jump q q ( x, y) : q, q Q}, {init q ( x) : q Q} where X R n for some n N, Q = {q 1,..., q m } is a finite set of modes, and the other components are finite sets of quantifier-free L RF -formulas. We can write H = X, Q, flow, jump, inv, init. Intuitively, the flow formulas specify the rules for the continuous dynamics in each mode. The jump conditions specify when an automaton may switch to another mode. The invariants (when violated) specify when an automaton must switch to another mode. The init conditions specify the initial states of the system. We say a hybrid automaton H has a computable representation, if H has an L RF -representation, and all functions in F are Type 2 computable. From now on we will only consider hybrid automata that have computable representations. We have not restricted the form of the formulas for defining hybrid automata. This makes the definition more general than necessary. For instance, the flow should be a continuous mapping from x 0 and t to x t (and thus a conjunction of equations of the form x t = f( x 0, t)), instead of arbitrary formulas. Different classes of hybrid systems can be defined by refining this definition. Again, L RF representations can contain almost all functions needed in describing hybrid systems, including nonlinear ODEs that have no analytic expressions. Most of the hybrid systems studied in the existing literature can be defined by restricting the signature F, for instance: Example 3.2 (Linear and Polynomial Hybrid Automata). Let F lin = {+} Q and F poly = { } F poly (Rational numbers are considered as 0-ary functions.) We say a hybrid automaton H is a linear hybrid automaton if it has an L RF lin -representation, and a polynomial hybrid automaton if it has an L R F poly -representation. 10

11 Trajectories of hybrid systems combine continuous flows and discrete jumps. This motivates the use of a hybrid time domain, with which we can keep track of both the discrete changes and the duration of each continuous flow. A hybrid time domain is a sequence of closed intervals on the real line, and a hybrid trajectory is a mapping from the time domain to the Euclidean space. Definition 3.3 (Hybrid Time Domains and Hybrid Trajectories). A hybrid time domain is a subset of N R of the form T m = {(i, t) : i < m and t [t i, t i ] or [t i, + )}, where m N {+ }, {t i } m i=0 is an increasing sequence in R +, t 0 = 0, and t i = t i+1. When X R n is an Euclidean space and T m a hybrid time domain, a hybrid trajectory is a continuous mapping ξ : T m X. We can write the time domain T m of ξ as T (ξ). We can now define trajectories of hybrid automata. To link hybrid trajectories with automata, we need a labeling function σ ξ,h (i) that maps each step i in the hybrid trajectory to an appropriate discrete mode in H, and make sure that the flow, jump, inv, init conditions are satisfied. Definition 3.4 (Trajectories of Hybrid Automata). Let H be a hybrid automaton, T m a hybrid domain, and ξ : T m X a hybrid trajectory. We say that ξ is a trajectory of H of discrete depth m, written as ξ H, if there exists a labeling function σ ξ,h : N Q such that: For some q Q, σ ξ,h (0) = q and R F = init q (ξ(0, 0)). For any (i, t) T m, R F = inv σξ,h (i)(ξ(i, t)). For any (i, t) T m : When i = 0, R F = flow q0 (ξ(0, 0), ξ(0, t), t). When i = k + 1, where 0 < k + 1 < m, R F = flow σ H ξ (k+1)(ξ(k + 1, t k+1 ), ξ(k + 1, t), (t t k+1 )), and R F = jump σξ,h (k) σ ξ,h (k+1)(ξ(k, t k), ξ(k + 1, t k+1 )). The definition is straightforward. In each mode, the system flows continuously following the dynamics defined by flow q. Note that (t t k ) is the actual duration in the k-th mode. When a switch between two modes is performed, it is required that ξ(k + 1, t k+1 ) is updated from the exit value ξ(k, t k ) in the previous mode, following the jump conditions. Note that we gave no restriction on the formulas that can be used for describing hybrid automata in Definition 3.1. A minimal requirement is that the flow predicates should define continuous trajectories over time, namely: Definition 3.5 (Well-Defined Flow Predicates). Let flow( x, y, t) be a flow predicate for a hybrid automaton H. We say the flow predicate is well-defined, if for all tuples ( a, b, τ) X(H) X(H) R 0 such that R = flow( a, b, τ), there exists a continuous function η : [0, τ] X such that η(0) = a, η(τ) = b, and for all t [0, τ], we have R = flow( a, η(t), t). We say H is well-defined if all its flow predicates are well-defined. This definition requires that we can always construct a trajectory from the end points and the initial points that satisfy a flow predicate. Flows that are defined using differential equations, differential inclusions, and explicit continuous mappings all satisfy this condition. Thus, from now on our discussion of hybrid automata assume their well-definedness. 3.2 Reachability Formally, the reachability problem for hybrid automata defined as follows. 11

12 Definition 3.6 (Reachability). Let H be an n-dimensional hybrid automaton, and U a subset of its state space Q X. We say U is reachable by H, if there exists ξ H,such that there exists (i, t) T (ξ) satisfying (σξ H (i), ξ(i, t)) U. The bounded reachability problem for hybrid systems is defined by restricting the continuous time duration to a bounded interval, and the number of discrete transitions to a finite number. Definition 3.7 (Bounded Reachability). Let H be an n-dimensional hybrid automaton, whose continuous state space X is a bounded subset of R n. Let U be a subset of its state space. Set k N and M R 0. The (k, M)-bounded reachability problem asks whether there exists ξ H such that there exists (i, t) T (ξ) with i k, t = k i=0 t i where t i M, and (σ ξ (i), ξ(i, t)) U. By step, we mean the number of discrete jumps. We say H can reach U in k steps, if there exists ξ H that contains k discrete jumps, which consists of k + 1 pieces of continuous flows in the corresponding discrete modes. 3.3 Encoding Bounded Reachability in L RF We now define the L RF -encoding of bounded reachability. We need to define a set of auxiliary formulas that will be important for ensuring that a particular mode is picked at a certain step. Definition 3.8. Let Q = {q 1,..., q m } be a set of modes. For any q Q, and i N, use b i q to represent a Boolean variable. We now define enforce Q (q, i) = b i q p Q\{q} bi p and enforce Q (q, q, i) = b i q b i+1 p Q\{q} bi p p Q\{q } bi+1 p. We say a hybrid automaton H is invariant-free if inv q (H) = for every q Q(H). We use unsafe = {unsafe q : q Q} as the L RF -representation of an unsafe region in the state space of H. We can write unsafe = q Q unsafe q {q}. We define the following formula that checks whether an unsafe region is reachable after exactly k steps of discrete transition in a hybrid system. Definition 3.9 (k-step Reachability, Invariant-Free Case). Suppose H is invariant-free, and U a subset of its state space represented by unsafe. The L RF -formula Reach H,U (k, M) is defined as: q X x 0 X x t 0 X x k X x t k [0,M] t 0 [0,M] t k. ( ) init q ( x 0 ) flow q ( x 0, x t 0, t 0 ) enforce(q, 0) q Q k 1 i=0 ( q,q Q unsafe q ( x t k). q Q ( ) ) jump q q ( x t i, x i+1 ) enforce(q, q, i) flow q ( x i+1, x t i+1, t i+1 ) enforce(q, i + 1) Intuitively, the trajectories start with some initial state satisfying init q ( x 0 ) for some q. In each step, it follows flow q ( x i, x t i, t) and makes a continuous flow from x i to x t i after time t. When H makes a jump from mode q to q, it resets variables following jump q q( x t k, x k+1). The auxiliary enforce formulas ensure that picking jump q q in the i-the step enforces picking flow q in the (i + 1)-th step. The case of nontrivial invariants and nondeterministic flows require more quantifiers. When the invariants are not trivial, we need to ensure that for all the time points along a continuous flow, the invariant condition holds. Thus, we need to universally quantify over time. For deterministic flows, we have: 12

13 Definition 3.10 (k-step Reachability, Nontrivial Invariant and Deterministic Flow). Suppose H contains invariants and only deterministic flow, and U a subset of its state space represented by unsafe. In this case, the L RF -formula Reach H,U (k, M) is defined as: X x 0 X x t 0 X x k X x t k [0,M] t 0 [0,M] t k. ( ) init q ( x 0 ) flow q ( x 0, x t 0, t 0 ) enforce(q, 0) [0,t0] t X x (flow q ( x 0, x, t) inv q ( x)) q Q k 1 i=0 ( q,q Q ( jump q q ( x t i, x i+1 ) flow q ( x i+1, x t i+1, t i+1 ) enforce(q, q, i) ) ) enforce(q, i + 1) [0,ti+1] t X x (flow q ( x i+1, x, t) inv q ( x))) (unsafe q ( x t k) enforce(q, k)). q Q The extra universal quantifier for each continuous flow expresses the requirement that for all the time points between the initial and ending time point (t [0, t i + 1]) in a flow, the continuous variables x must take values that satisfy the invariant conditions inv q ( x). For the case of nondeterministic flows, one needs to quantify over possible choices for each time point, and the details are in the thesis. 3.4 δ-complete Analysis of Bounded Reachability We now define the δ-complete analysis problem and prove its decidability. Definition 3.11 (δ-weakening of Hybrid Automata). Let δ Q + {0} be arbitrary. Let H be a hybrid automaton in L RF -representation. The δ-weakening of H is H δ = X, Q, flow δ, jump δ, inv δ, init δ which is obtained by weakening all formulas in the L RF -representations of H. Definition 3.12 (Bounded δ-reachability). Let H be a hybrid system and U a subset of its state space. Suppose U is represented by the L RF -formula unsafe. Let k N and M R +. The δ-complete analysis for (k, M)-bounded reachability problem asks for one of the following answers: (k, m)-safety: H does not reach unsafe within the (k, M)-bound. δ-unsafety: H δ reaches unsafe δ within the (k, M)-bound. It is straightforward to transfer delta-decidability of the formulas to the decidability of bounded δ-reachability. Lemma Let δ Q + {0} be arbitrary. Suppose H is a well-defined hybrid automaton with strictlyimposed invariants. Let U a subset of the state space of H, represented by the set unsafe of L RF -formulas. Let Reach H,U (k, M) be the L RF -formula encoding (k, M)-bounded reachability of H with respect to U. We always have that R = (Reach H,U (k, M)) δ iff there exists a trajectory ξ H δ such that for some (k, t) T (ξ), where 0 t M, (ξ(k, t), σ ξ (k)) unsafe δ. Theorem 3.14 (Decidability). Let δ Q + be arbitrary. There exists an algorithm such that, for any bounded well-defined hybrid automaton L RF -represented by H, and any unsafe region U L RF -represented by unsafe, correctly performs δ-complete analysis for (k, M)-bounded reachability for H, for any k N, M R +. 13

14 Theorem 3.15 (Complexity). Suppose all the L RF -terms in the description of H and U are in complexity class C. Then deciding the (k, M)-bounded δ-reachability problem is in NP C for an invariant-free H; (Σ P 2 ) C for an H with nontrivial invariants and deterministic flows; (Σ P 3 ) C for an H with nontrivial invariants and nondeterministic flows. Corollary For linear and polynomial hybrid automata, δ-complete bounded reachability analysis ranges from being NP-complete to Σ P 2 -complete for the three cases. For hybrid automata that can be L R F -represented with whose F contains the set of ODEs defined P-computable right-hand side functions, the problem is PSPACE-complete. The results come from the fact that the complexity of polynomials is in P, and the set of ODEs in questions are PSPACE-complete. The complexity results indicate that the worst-case running time of the analysis is exponential in all the input parameters. In particular, the worst-case running time grows exponentially with the δ and the size of the domains. We need to use efficient decision procedures to manage this complexity. 4 Practical δ-complete Decision Procedures We describe practical algorithms for computing δ-decisions of SMT problems in L RF. The new framework allows us to exploit the full power of numerical methods in decision problems and formal verification. We show that δ- completeness serve as a reasonable performance requirement for numerically-driven procedures to be used in formal verification. We show an analysis of the powerful constraint solving framework Interval Constraint Propagation (ICP), obtaining conditions under which it is δ-complete. In particular, we develop decision procedures for formulas that contain ODEs. For any ODE system, we can consider its solution function x t = f(t, x 0 ) as a constraint between the initial variables x 0, time variable t, and the final state variables x t. We define pruning operators that take interval assignments on x 0, t, and x t as inputs, and output refined interval assignments on these variables. We formally prove that the proposed algorithms are δ-complete. Beyond standard SMT problems where all variables are existentially quantified, we also study -formulas under the restriction that the universal quantifications are limited to the time variables (we call them t -formulas). We also give a proof calculus that can be used to validate the correctness of unsat results given by DPLL(ICP). Such proofs ensure the correctness of the unsat without numerical errors. 4.1 The DPLL ICP Framework Current SMT solvers are mostly built on the DPLL(T) framework. An SMT problem is a quantifier-free first order formula ϕ with atomic formulas specified by some theory T. The DPLL(T) approach requires the use of a SAT solver and a theory solver (T-solver). The SAT solver is first applied on the Boolean abstraction ϕ B of the formula ϕ, which is the propositional formula with all the theory atoms replaced by propositional variables. If ϕ B is Booleansatisfiable, the SAT solver should return a satisfying assignment for all the Boolean variables. Since the Boolean variables correspond to theory atoms, we need to further check whether the Boolean assignment is consistent with the theory T. This task calls for the use of a T-solver, which takes a set of theory atoms as input and checks whether the set is consistent. If the set is consistent, the original formula ϕ is satisfiable; otherwise, the corresponding Boolean assignment is spurious, and the SAT solver looks for a different satisfying assignment. The process is iterated until a real solution is found, or all the Boolean solutions have been exhausted and the formula is determined unsatisfiable. The main utility of the T-solver, which decides whether a set of theory atoms is consistent, is provided by the Check() procedure. A partial check procedure, named Assert(), is also used alongside the SAT solver, which takes 14

15 each incomplete set of theory atoms asserted by the SAT solver and returns whether it already contains an evident conflict. The Assert() procedure should work cheaply and incrementally. Usually, Check() is supposed to be sound and complete while Assert() only has to be sound. We call both Assert() and Check() the checking procedures of the theory solver. To achieve efficiency, it is not enough to have sound and complete checking procedures only. When a set of asserted theory atoms is determined to be inconsistent, explanations for such inconsistency should be provided, so that a clause can be learned for refining the search space. When conflicts occur, the SAT solver needs to backtrack, and the T-solver should also provide methods for efficient backtracking on the theory atoms. Interval Constraint Propagation. The method of Interval Constraint Propagation (ICP) [8] finds solutions of real constraints using a branch-and-prune method that performs constraint propagation of interval assignments on real variables. The intervals are represented by floating-point end-points. Only over-approximations of the function values are used, which are defined by interval extensions of real functions. Definition 4.1 (Floating-Point Intervals and Hulls). Let F denote the finite set of all floating point numbers with symbols and + under the conventional order <. Let IF = {[a, b] R : a, b F, a b} and BF = n=1 IFn denote the set of closed real intervals with floating-point endpoints, and the set of boxes with these intervals, respectively. When S R n is a set of real numbers, the hull of S is: Hull(S) = {B BF : S B}. Definition 4.2 (Interval Extension [8]). Suppose f : R n R is a real function. An interval extension operator ( ) maps f to a function f : BF IF, such that for any B dom( f), it is always true that {f( x) : x B} f(b). The idea of interval constraint propagation is to use interval extensions of functions to prune out sets of points that are not in the solution set, and branch on intervals when such pruning can not be done. A high-level description of the decision version of ICP is given in Algorithm 1. In the Algorithm 1, Branch(B, i) is an operator that returns two smaller boxes B = I 1 I i I n and B = I 1 I i I n, where I i I i I i. To ensure termination, it is required that there exists some constant c (0, 1) such that I i c I i and I i c I i. The key component of the ICP algorithm is the Prune(B, f) operation in Algorithm 1. Algorithm 1 ICP(f 1,..., f m, B 0 = I 0 1 I 0 n, δ) 1: S B 0 2: while S do 3: B S.pop() 4: while 1 i m, B δ Prune(B, f i ) do 5: B Prune(B, f i ) 6: end while 7: if B then 8: if 1 i n, f i (B) δ then 9: {B 1, B 2 } Branch(B, i) 10: S.push({B 1, B 2 }) 11: else 12: return sat 13: end if 14: end if 15: end while 16: return unsat 15

Similar documents

Bounded Model Checking with SAT/SMT. Edmund M. Clarke School of Computer Science Carnegie Mellon University 1/39

Bounded Model Checking with SAT/SMT. Edmund M. Clarke School of Computer Science Carnegie Mellon University 1/39 Bounded Model Checking with SAT/SMT Edmund M. Clarke School of Computer Science Carnegie Mellon University 1/39 Recap: Symbolic Model Checking with BDDs Method used by most industrial strength model checkers:

More information

Nonlinear Control as Program Synthesis (A Starter)

Nonlinear Control as Program Synthesis (A Starter) Nonlinear Control as Program Synthesis (A Starter) Sicun Gao MIT December 15, 2014 Preliminaries Definition (L RF ) L RF is the first-order language over the reals that allows arbitrary numerically computable

More information

LOGIC PROPOSITIONAL REASONING

LOGIC PROPOSITIONAL REASONING LOGIC PROPOSITIONAL REASONING WS 2017/2018 (342.208) Armin Biere Martina Seidl biere@jku.at martina.seidl@jku.at Institute for Formal Models and Verification Johannes Kepler Universität Linz Version 2018.1

More information

Nonlinear Real Arithmetic and δ-satisfiability. Paolo Zuliani

Nonlinear Real Arithmetic and δ-satisfiability. Paolo Zuliani Nonlinear Real Arithmetic and δ-satisfiability Paolo Zuliani School of Computing Science Newcastle University, UK (Slides courtesy of Sicun Gao, UCSD) 1 / 27 Introduction We use hybrid systems for modelling

More information

Formal methods in analysis

Formal methods in analysis Formal methods in analysis Jeremy Avigad Department of Philosophy and Department of Mathematical Sciences Carnegie Mellon University May 2015 Sequence of lectures 1. Formal methods in mathematics 2. Automated

More information

Propositional Logic: Evaluating the Formulas

Propositional Logic: Evaluating the Formulas Institute for Formal Models and Verification Johannes Kepler University Linz VL Logik (LVA-Nr. 342208) Winter Semester 2015/2016 Propositional Logic: Evaluating the Formulas Version 2015.2 Armin Biere

More information

an efficient procedure for the decision problem. We illustrate this phenomenon for the Satisfiability problem.

an efficient procedure for the decision problem. We illustrate this phenomenon for the Satisfiability problem. 1 More on NP In this set of lecture notes, we examine the class NP in more detail. We give a characterization of NP which justifies the guess and verify paradigm, and study the complexity of solving search

More information

Complexity Theory VU , SS The Polynomial Hierarchy. Reinhard Pichler

Complexity Theory VU , SS The Polynomial Hierarchy. Reinhard Pichler Complexity Theory Complexity Theory VU 181.142, SS 2018 6. The Polynomial Hierarchy Reinhard Pichler Institut für Informationssysteme Arbeitsbereich DBAI Technische Universität Wien 15 May, 2018 Reinhard

More information

Outline. Complexity Theory EXACT TSP. The Class DP. Definition. Problem EXACT TSP. Complexity of EXACT TSP. Proposition VU 181.

Outline. Complexity Theory EXACT TSP. The Class DP. Definition. Problem EXACT TSP. Complexity of EXACT TSP. Proposition VU 181. Complexity Theory Complexity Theory Outline Complexity Theory VU 181.142, SS 2018 6. The Polynomial Hierarchy Reinhard Pichler Institut für Informationssysteme Arbeitsbereich DBAI Technische Universität

More information

Chapter 2. Reductions and NP. 2.1 Reductions Continued The Satisfiability Problem (SAT) SAT 3SAT. CS 573: Algorithms, Fall 2013 August 29, 2013

Chapter 2. Reductions and NP. 2.1 Reductions Continued The Satisfiability Problem (SAT) SAT 3SAT. CS 573: Algorithms, Fall 2013 August 29, 2013 Chapter 2 Reductions and NP CS 573: Algorithms, Fall 2013 August 29, 2013 2.1 Reductions Continued 2.1.1 The Satisfiability Problem SAT 2.1.1.1 Propositional Formulas Definition 2.1.1. Consider a set of

More information

Tutorial 1: Modern SMT Solvers and Verification

Tutorial 1: Modern SMT Solvers and Verification University of Illinois at Urbana-Champaign Tutorial 1: Modern SMT Solvers and Verification Sayan Mitra Electrical & Computer Engineering Coordinated Science Laboratory University of Illinois at Urbana

More information

SMT BASICS WS 2017/2018 ( ) LOGIC SATISFIABILITY MODULO THEORIES. Institute for Formal Models and Verification Johannes Kepler Universität Linz

SMT BASICS WS 2017/2018 ( ) LOGIC SATISFIABILITY MODULO THEORIES. Institute for Formal Models and Verification Johannes Kepler Universität Linz LOGIC SATISFIABILITY MODULO THEORIES SMT BASICS WS 2017/2018 (342.208) Armin Biere Martina Seidl biere@jku.at martina.seidl@jku.at Institute for Formal Models and Verification Johannes Kepler Universität

More information

First-Order Logic First-Order Theories. Roopsha Samanta. Partly based on slides by Aaron Bradley and Isil Dillig

First-Order Logic First-Order Theories. Roopsha Samanta. Partly based on slides by Aaron Bradley and Isil Dillig First-Order Logic First-Order Theories Roopsha Samanta Partly based on slides by Aaron Bradley and Isil Dillig Roadmap Review: propositional logic Syntax and semantics of first-order logic (FOL) Semantic

More information

Complexity Theory. Knowledge Representation and Reasoning. November 2, 2005

Complexity Theory. Knowledge Representation and Reasoning. November 2, 2005 Complexity Theory Knowledge Representation and Reasoning November 2, 2005 (Knowledge Representation and Reasoning) Complexity Theory November 2, 2005 1 / 22 Outline Motivation Reminder: Basic Notions Algorithms

More information

From Constructibility and Absoluteness to Computability and Domain Independence

From Constructibility and Absoluteness to Computability and Domain Independence From Constructibility and Absoluteness to Computability and Domain Independence Arnon Avron School of Computer Science Tel Aviv University, Tel Aviv 69978, Israel aa@math.tau.ac.il Abstract. Gödel s main

More information

δ-complete Decision Procedures for Satisfiability over the Reals

δ-complete Decision Procedures for Satisfiability over the Reals δ-complete Decision Procedures for Satisfiability over the Reals Sicun Gao, Jeremy Avigad, and Edmund M. Clarke Carnegie Mellon University, Pittsburgh, PA 15213 Abstract. We introduce the notion of δ-complete

More information

Essential facts about NP-completeness:

Essential facts about NP-completeness: CMPSCI611: NP Completeness Lecture 17 Essential facts about NP-completeness: Any NP-complete problem can be solved by a simple, but exponentially slow algorithm. We don t have polynomial-time solutions

More information

Approximation Metrics for Discrete and Continuous Systems

Approximation Metrics for Discrete and Continuous Systems University of Pennsylvania ScholarlyCommons Departmental Papers (CIS) Department of Computer & Information Science May 2007 Approximation Metrics for Discrete Continuous Systems Antoine Girard University

More information

The efficiency of identifying timed automata and the power of clocks

The efficiency of identifying timed automata and the power of clocks The efficiency of identifying timed automata and the power of clocks Sicco Verwer a,b,1,, Mathijs de Weerdt b, Cees Witteveen b a Eindhoven University of Technology, Department of Mathematics and Computer

More information

First-Order Logic. 1 Syntax. Domain of Discourse. FO Vocabulary. Terms

First-Order Logic. 1 Syntax. Domain of Discourse. FO Vocabulary. Terms First-Order Logic 1 Syntax Domain of Discourse The domain of discourse for first order logic is FO structures or models. A FO structure contains Relations Functions Constants (functions of arity 0) FO

More information

Scalable and Accurate Verification of Data Flow Systems. Cesare Tinelli The University of Iowa

Scalable and Accurate Verification of Data Flow Systems. Cesare Tinelli The University of Iowa Scalable and Accurate Verification of Data Flow Systems Cesare Tinelli The University of Iowa Overview AFOSR Supported Research Collaborations NYU (project partner) Chalmers University (research collaborator)

More information

Formal Verification Methods 1: Propositional Logic

Formal Verification Methods 1: Propositional Logic Formal Verification Methods 1: Propositional Logic John Harrison Intel Corporation Course overview Propositional logic A resurgence of interest Logic and circuits Normal forms The Davis-Putnam procedure

More information

Herbrand Theorem, Equality, and Compactness

Herbrand Theorem, Equality, and Compactness CSC 438F/2404F Notes (S. Cook and T. Pitassi) Fall, 2014 Herbrand Theorem, Equality, and Compactness The Herbrand Theorem We now consider a complete method for proving the unsatisfiability of sets of first-order

More information

A An Overview of Complexity Theory for the Algorithm Designer

A An Overview of Complexity Theory for the Algorithm Designer A An Overview of Complexity Theory for the Algorithm Designer A.1 Certificates and the class NP A decision problem is one whose answer is either yes or no. Two examples are: SAT: Given a Boolean formula

More information

1 Algebraic Methods. 1.1 Gröbner Bases Applied to SAT

1 Algebraic Methods. 1.1 Gröbner Bases Applied to SAT 1 Algebraic Methods In an algebraic system Boolean constraints are expressed as a system of algebraic equations or inequalities which has a solution if and only if the constraints are satisfiable. Equations

More information

Topics in Model-Based Reasoning

Topics in Model-Based Reasoning Towards Integration of Proving and Solving Dipartimento di Informatica Università degli Studi di Verona Verona, Italy March, 2014 Automated reasoning Artificial Intelligence Automated Reasoning Computational

More information

The State Explosion Problem

The State Explosion Problem The State Explosion Problem Martin Kot August 16, 2003 1 Introduction One from main approaches to checking correctness of a concurrent system are state space methods. They are suitable for automatic analysis

More information

Lecture 20: conp and Friends, Oracles in Complexity Theory

Lecture 20: conp and Friends, Oracles in Complexity Theory 6.045 Lecture 20: conp and Friends, Oracles in Complexity Theory 1 Definition: conp = { L L NP } What does a conp computation look like? In NP algorithms, we can use a guess instruction in pseudocode:

More information

Lecture Notes on Inductive Definitions

Lecture Notes on Inductive Definitions Lecture Notes on Inductive Definitions 15-312: Foundations of Programming Languages Frank Pfenning Lecture 2 September 2, 2004 These supplementary notes review the notion of an inductive definition and

More information

6-1 Computational Complexity

6-1 Computational Complexity 6-1 Computational Complexity 6. Computational Complexity Computational models Turing Machines Time complexity Non-determinism, witnesses, and short proofs. Complexity classes: P, NP, conp Polynomial-time

More information

Satisfiability Modulo Theories (SMT)

Satisfiability Modulo Theories (SMT) CS510 Software Engineering Satisfiability Modulo Theories (SMT) Slides modified from those by Aarti Gupta Textbook: The Calculus of Computation by A. Bradley and Z. Manna 1 Satisfiability Modulo Theory

More information

Foundations of Artificial Intelligence

Foundations of Artificial Intelligence Foundations of Artificial Intelligence 7. Propositional Logic Rational Thinking, Logic, Resolution Joschka Boedecker and Wolfram Burgard and Bernhard Nebel Albert-Ludwigs-Universität Freiburg May 17, 2016

More information

Introduction to Complexity Theory. Bernhard Häupler. May 2, 2006

Introduction to Complexity Theory. Bernhard Häupler. May 2, 2006 Introduction to Complexity Theory Bernhard Häupler May 2, 2006 Abstract This paper is a short repetition of the basic topics in complexity theory. It is not intended to be a complete step by step introduction

More information

SAT, NP, NP-Completeness

SAT, NP, NP-Completeness CS 473: Algorithms, Spring 2018 SAT, NP, NP-Completeness Lecture 22 April 13, 2018 Most slides are courtesy Prof. Chekuri Ruta (UIUC) CS473 1 Spring 2018 1 / 57 Part I Reductions Continued Ruta (UIUC)

More information

Principles of Knowledge Representation and Reasoning

Principles of Knowledge Representation and Reasoning Principles of Knowledge Representation and Reasoning Complexity Theory Bernhard Nebel, Malte Helmert and Stefan Wölfl Albert-Ludwigs-Universität Freiburg April 29, 2008 Nebel, Helmert, Wölfl (Uni Freiburg)

More information

Halting and Equivalence of Program Schemes in Models of Arbitrary Theories

Halting and Equivalence of Program Schemes in Models of Arbitrary Theories Halting and Equivalence of Program Schemes in Models of Arbitrary Theories Dexter Kozen Cornell University, Ithaca, New York 14853-7501, USA, kozen@cs.cornell.edu, http://www.cs.cornell.edu/~kozen In Honor

More information

Constraint Logic Programming and Integrating Simplex with DPLL(T )

Constraint Logic Programming and Integrating Simplex with DPLL(T ) Constraint Logic Programming and Integrating Simplex with DPLL(T ) Ali Sinan Köksal December 3, 2010 Constraint Logic Programming Underlying concepts The CLP(X ) framework Comparison of CLP with LP Integrating

More information

MTAT Complexity Theory October 20th-21st, Lecture 7

MTAT Complexity Theory October 20th-21st, Lecture 7 MTAT.07.004 Complexity Theory October 20th-21st, 2011 Lecturer: Peeter Laud Lecture 7 Scribe(s): Riivo Talviste Polynomial hierarchy 1 Turing reducibility From the algorithmics course, we know the notion

More information

540 IEEE TRANSACTIONS ON AUTOMATIC CONTROL, VOL. 43, NO. 4, APRIL Algorithmic Analysis of Nonlinear Hybrid Systems

540 IEEE TRANSACTIONS ON AUTOMATIC CONTROL, VOL. 43, NO. 4, APRIL Algorithmic Analysis of Nonlinear Hybrid Systems 540 IEEE TRANSACTIONS ON AUTOMATIC CONTROL, VOL. 43, NO. 4, APRIL 1998 Algorithmic Analysis of Nonlinear Hybrid Systems Thomas A. Henzinger, Pei-Hsin Ho, Howard Wong-Toi Abstract Hybrid systems are digital

More information

The Potential and Challenges of CAD with Equational Constraints for SC-Square

The Potential and Challenges of CAD with Equational Constraints for SC-Square The Potential and Challenges of with Equational Constraints for SC-Square Matthew England (Coventry University) Joint work with: James H. Davenport (University of Bath) 7th International Conference on

More information

Notes. Corneliu Popeea. May 3, 2013

Notes. Corneliu Popeea. May 3, 2013 Notes Corneliu Popeea May 3, 2013 1 Propositional logic Syntax We rely on a set of atomic propositions, AP, containing atoms like p, q. A propositional logic formula φ Formula is then defined by the following

More information

7. Propositional Logic. Wolfram Burgard and Bernhard Nebel

7. Propositional Logic. Wolfram Burgard and Bernhard Nebel Foundations of AI 7. Propositional Logic Rational Thinking, Logic, Resolution Wolfram Burgard and Bernhard Nebel Contents Agents that think rationally The wumpus world Propositional logic: syntax and semantics

More information

Lecture Notes: Axiomatic Semantics and Hoare-style Verification

Lecture Notes: Axiomatic Semantics and Hoare-style Verification Lecture Notes: Axiomatic Semantics and Hoare-style Verification 17-355/17-665/17-819O: Program Analysis (Spring 2018) Claire Le Goues and Jonathan Aldrich clegoues@cs.cmu.edu, aldrich@cs.cmu.edu It has

More information

Foundations of Artificial Intelligence

Foundations of Artificial Intelligence Foundations of Artificial Intelligence 7. Propositional Logic Rational Thinking, Logic, Resolution Wolfram Burgard, Maren Bennewitz, and Marco Ragni Albert-Ludwigs-Universität Freiburg Contents 1 Agents

More information

Constraint Solving for Program Verification: Theory and Practice by Example

Constraint Solving for Program Verification: Theory and Practice by Example Constraint Solving for Program Verification: Theory and Practice by Example Andrey Rybalchenko Technische Universität München Abstract. Program verification relies on the construction of auxiliary assertions

More information

IC3 and Beyond: Incremental, Inductive Verification

IC3 and Beyond: Incremental, Inductive Verification IC3 and Beyond: Incremental, Inductive Verification Aaron R. Bradley ECEE, CU Boulder & Summit Middle School IC3 and Beyond: Incremental, Inductive Verification 1/62 Induction Foundation of verification

More information

Propositional and Predicate Logic - V

Propositional and Predicate Logic - V Propositional and Predicate Logic - V Petr Gregor KTIML MFF UK WS 2016/2017 Petr Gregor (KTIML MFF UK) Propositional and Predicate Logic - V WS 2016/2017 1 / 21 Formal proof systems Hilbert s calculus

More information

Database Theory VU , SS Complexity of Query Evaluation. Reinhard Pichler

Database Theory VU , SS Complexity of Query Evaluation. Reinhard Pichler Database Theory Database Theory VU 181.140, SS 2018 5. Complexity of Query Evaluation Reinhard Pichler Institut für Informationssysteme Arbeitsbereich DBAI Technische Universität Wien 17 April, 2018 Pichler

More information

Propositional and Predicate Logic. jean/gbooks/logic.html

Propositional and Predicate Logic. jean/gbooks/logic.html CMSC 630 February 10, 2009 1 Propositional and Predicate Logic Sources J. Gallier. Logic for Computer Science, John Wiley and Sons, Hoboken NJ, 1986. 2003 revised edition available on line at http://www.cis.upenn.edu/

More information

δ-complete Analysis for Bounded Reachability of Hybrid Systems

δ-complete Analysis for Bounded Reachability of Hybrid Systems δ-complete Analysis for Bounded Reachability of Hybrid Systems Sicun Gao Soonho Kong Wei Chen Edmund M. Clarke July 16, 2014 CMU-CS-14-111 School of Computer Science Carnegie Mellon University Pittsburgh,

More information

About the relationship between formal logic and complexity classes

About the relationship between formal logic and complexity classes About the relationship between formal logic and complexity classes Working paper Comments welcome; my email: armandobcm@yahoo.com Armando B. Matos October 20, 2013 1 Introduction We analyze a particular

More information

The Complexity of Computing the Behaviour of Lattice Automata on Infinite Trees

The Complexity of Computing the Behaviour of Lattice Automata on Infinite Trees The Complexity of Computing the Behaviour of Lattice Automata on Infinite Trees Karsten Lehmann a, Rafael Peñaloza b a Optimisation Research Group, NICTA Artificial Intelligence Group, Australian National

More information

Theoretical Foundations of the UML

Theoretical Foundations of the UML Theoretical Foundations of the UML Lecture 17+18: A Logic for MSCs Joost-Pieter Katoen Lehrstuhl für Informatik 2 Software Modeling and Verification Group moves.rwth-aachen.de/teaching/ws-1718/fuml/ 5.

More information

The algorithmic analysis of hybrid system

The algorithmic analysis of hybrid system The algorithmic analysis of hybrid system Authors: R.Alur, C. Courcoubetis etc. Course teacher: Prof. Ugo Buy Xin Li, Huiyong Xiao Nov. 13, 2002 Summary What s a hybrid system? Definition of Hybrid Automaton

More information

Lecture 3: Reductions and Completeness

Lecture 3: Reductions and Completeness CS 710: Complexity Theory 9/13/2011 Lecture 3: Reductions and Completeness Instructor: Dieter van Melkebeek Scribe: Brian Nixon Last lecture we introduced the notion of a universal Turing machine for deterministic

More information

Final exam study sheet for CS3719 Turing machines and decidability.

Final exam study sheet for CS3719 Turing machines and decidability. Final exam study sheet for CS3719 Turing machines and decidability. A Turing machine is a finite automaton with an infinite memory (tape). Formally, a Turing machine is a 6-tuple M = (Q, Σ, Γ, δ, q 0,

More information

Critical Reading of Optimization Methods for Logical Inference [1]

Critical Reading of Optimization Methods for Logical Inference [1] Critical Reading of Optimization Methods for Logical Inference [1] Undergraduate Research Internship Department of Management Sciences Fall 2007 Supervisor: Dr. Miguel Anjos UNIVERSITY OF WATERLOO Rajesh

More information

Reducibility in polynomialtime computable analysis. Akitoshi Kawamura (U Tokyo) Wadern, Germany, September 24, 2015

Reducibility in polynomialtime computable analysis. Akitoshi Kawamura (U Tokyo) Wadern, Germany, September 24, 2015 Reducibility in polynomialtime computable analysis Akitoshi Kawamura (U Tokyo) Wadern, Germany, September 24, 2015 Computable Analysis Applying computability / complexity theory to problems involving real

More information

Foundations of Artificial Intelligence

Foundations of Artificial Intelligence Foundations of Artificial Intelligence 7. Propositional Logic Rational Thinking, Logic, Resolution Joschka Boedecker and Wolfram Burgard and Frank Hutter and Bernhard Nebel Albert-Ludwigs-Universität Freiburg

More information

Peano Arithmetic. CSC 438F/2404F Notes (S. Cook) Fall, Goals Now

Peano Arithmetic. CSC 438F/2404F Notes (S. Cook) Fall, Goals Now CSC 438F/2404F Notes (S. Cook) Fall, 2008 Peano Arithmetic Goals Now 1) We will introduce a standard set of axioms for the language L A. The theory generated by these axioms is denoted PA and called Peano

More information

THE AUSTRALIAN NATIONAL UNIVERSITY Second Semester COMP2600 (Formal Methods for Software Engineering)

THE AUSTRALIAN NATIONAL UNIVERSITY Second Semester COMP2600 (Formal Methods for Software Engineering) THE AUSTRALIAN NATIONAL UNIVERSITY Second Semester 2012 COMP2600 (Formal Methods for Software Engineering) Writing Period: 3 hours duration Study Period: 15 minutes duration Permitted Materials: One A4

More information

02 Propositional Logic

02 Propositional Logic SE 2F03 Fall 2005 02 Propositional Logic Instructor: W. M. Farmer Revised: 25 September 2005 1 What is Propositional Logic? Propositional logic is the study of the truth or falsehood of propositions or

More information

CS156: The Calculus of Computation

CS156: The Calculus of Computation CS156: The Calculus of Computation Zohar Manna Winter 2010 It is reasonable to hope that the relationship between computation and mathematical logic will be as fruitful in the next century as that between

More information

Chapter 4: Computation tree logic

Chapter 4: Computation tree logic INFOF412 Formal verification of computer systems Chapter 4: Computation tree logic Mickael Randour Formal Methods and Verification group Computer Science Department, ULB March 2017 1 CTL: a specification

More information

The Polynomial Hierarchy

The Polynomial Hierarchy The Polynomial Hierarchy Slides based on S.Aurora, B.Barak. Complexity Theory: A Modern Approach. Ahto Buldas Ahto.Buldas@ut.ee Motivation..synthesizing circuits is exceedingly difficulty. It is even

More information

NP Completeness and Approximation Algorithms

NP Completeness and Approximation Algorithms Chapter 10 NP Completeness and Approximation Algorithms Let C() be a class of problems defined by some property. We are interested in characterizing the hardest problems in the class, so that if we can

More information

Chapter 3 Deterministic planning

Chapter 3 Deterministic planning Chapter 3 Deterministic planning In this chapter we describe a number of algorithms for solving the historically most important and most basic type of planning problem. Two rather strong simplifying assumptions

More information

Proving Unsatisfiability in Non-linear Arithmetic by Duality

Proving Unsatisfiability in Non-linear Arithmetic by Duality Proving Unsatisfiability in Non-linear Arithmetic by Duality [work in progress] Daniel Larraz, Albert Oliveras, Enric Rodríguez-Carbonell and Albert Rubio Universitat Politècnica de Catalunya, Barcelona,

More information

Propositional Logic. Methods & Tools for Software Engineering (MTSE) Fall Prof. Arie Gurfinkel

Propositional Logic. Methods & Tools for Software Engineering (MTSE) Fall Prof. Arie Gurfinkel Propositional Logic Methods & Tools for Software Engineering (MTSE) Fall 2017 Prof. Arie Gurfinkel References Chpater 1 of Logic for Computer Scientists http://www.springerlink.com/content/978-0-8176-4762-9/

More information

WHAT IS AN SMT SOLVER? Jaeheon Yi - April 17, 2008

WHAT IS AN SMT SOLVER? Jaeheon Yi - April 17, 2008 WHAT IS AN SMT SOLVER? Jaeheon Yi - April 17, 2008 WHAT I LL TALK ABOUT Propositional Logic Terminology, Satisfiability, Decision Procedure First-Order Logic Terminology, Background Theories Satisfiability

More information

THE COMPLEXITY OF DECENTRALIZED CONTROL OF MARKOV DECISION PROCESSES

THE COMPLEXITY OF DECENTRALIZED CONTROL OF MARKOV DECISION PROCESSES MATHEMATICS OF OPERATIONS RESEARCH Vol. 27, No. 4, November 2002, pp. 819 840 Printed in U.S.A. THE COMPLEXITY OF DECENTRALIZED CONTROL OF MARKOV DECISION PROCESSES DANIEL S. BERNSTEIN, ROBERT GIVAN, NEIL

More information

Abstractions and Decision Procedures for Effective Software Model Checking

Abstractions and Decision Procedures for Effective Software Model Checking Abstractions and Decision Procedures for Effective Software Model Checking Prof. Natasha Sharygina The University of Lugano, Carnegie Mellon University Microsoft Summer School, Moscow, July 2011 Lecture

More information

VC-DENSITY FOR TREES

VC-DENSITY FOR TREES VC-DENSITY FOR TREES ANTON BOBKOV Abstract. We show that for the theory of infinite trees we have vc(n) = n for all n. VC density was introduced in [1] by Aschenbrenner, Dolich, Haskell, MacPherson, and

More information

Satisfiability Modulo Theories

Satisfiability Modulo Theories Satisfiability Modulo Theories Summer School on Formal Methods Menlo College, 2011 Bruno Dutertre and Leonardo de Moura bruno@csl.sri.com, leonardo@microsoft.com SRI International, Microsoft Research SAT/SMT

More information

PREDICATE LOGIC: UNDECIDABILITY AND INCOMPLETENESS HUTH AND RYAN 2.5, SUPPLEMENTARY NOTES 2

PREDICATE LOGIC: UNDECIDABILITY AND INCOMPLETENESS HUTH AND RYAN 2.5, SUPPLEMENTARY NOTES 2 PREDICATE LOGIC: UNDECIDABILITY AND INCOMPLETENESS HUTH AND RYAN 2.5, SUPPLEMENTARY NOTES 2 Neil D. Jones DIKU 2005 14 September, 2005 Some slides today new, some based on logic 2004 (Nils Andersen) OUTLINE,

More information

Clause/Term Resolution and Learning in the Evaluation of Quantified Boolean Formulas

Clause/Term Resolution and Learning in the Evaluation of Quantified Boolean Formulas Journal of Artificial Intelligence Research 1 (1993) 1-15 Submitted 6/91; published 9/91 Clause/Term Resolution and Learning in the Evaluation of Quantified Boolean Formulas Enrico Giunchiglia Massimo

More information

Quantifiers. Leonardo de Moura Microsoft Research

Quantifiers. Leonardo de Moura Microsoft Research Quantifiers Leonardo de Moura Microsoft Research Satisfiability a > b + 2, a = 2c + 10, c + b 1000 SAT a = 0, b = 3, c = 5 Model 0 > 3 + 2, 0 = 2 5 + 10, 5 + ( 3) 1000 Quantifiers x y x > 0 f x, y = 0

More information

Hybrid systems and computer science a short tutorial

Hybrid systems and computer science a short tutorial Hybrid systems and computer science a short tutorial Eugene Asarin Université Paris 7 - LIAFA SFM 04 - RT, Bertinoro p. 1/4 Introductory equations Hybrid Systems = Discrete+Continuous SFM 04 - RT, Bertinoro

More information

Chapter 7 R&N ICS 271 Fall 2017 Kalev Kask

Chapter 7 R&N ICS 271 Fall 2017 Kalev Kask Set 6: Knowledge Representation: The Propositional Calculus Chapter 7 R&N ICS 271 Fall 2017 Kalev Kask Outline Representing knowledge using logic Agent that reason logically A knowledge based agent Representing

More information

On the Computational Hardness of Graph Coloring

On the Computational Hardness of Graph Coloring On the Computational Hardness of Graph Coloring Steven Rutherford June 3, 2011 Contents 1 Introduction 2 2 Turing Machine 2 3 Complexity Classes 3 4 Polynomial Time (P) 4 4.1 COLORED-GRAPH...........................

More information

CMPS 217 Logic in Computer Science. Lecture #17

CMPS 217 Logic in Computer Science. Lecture #17 CMPS 217 Logic in Computer Science https://courses.soe.ucsc.edu/courses/cmps217/spring13/01 Lecture #17 1 The Complexity of FO-Truth on a Structure Structure A Complexity of Th(A) Structure of the natural

More information

CSE 555 HW 5 SAMPLE SOLUTION. Question 1.

CSE 555 HW 5 SAMPLE SOLUTION. Question 1. CSE 555 HW 5 SAMPLE SOLUTION Question 1. Show that if L is PSPACE-complete, then L is NP-hard. Show that the converse is not true. If L is PSPACE-complete, then for all A PSPACE, A P L. We know SAT PSPACE

More information

Part II. Logic and Set Theory. Year

Part II. Logic and Set Theory. Year Part II Year 2018 2017 2016 2015 2014 2013 2012 2011 2010 2009 2008 2007 2006 2005 2018 60 Paper 4, Section II 16G State and prove the ǫ-recursion Theorem. [You may assume the Principle of ǫ- Induction.]

More information

Complexity of domain-independent planning. José Luis Ambite

Complexity of domain-independent planning. José Luis Ambite Complexity of domain-independent planning José Luis Ambite 1 Decidability Decision problem: a problem with a yes/no answer e.g. is N prime? Decidable: if there is a program (i.e. a Turing Machine) that

More information

Introduction to Metalogic

Introduction to Metalogic Philosophy 135 Spring 2008 Tony Martin Introduction to Metalogic 1 The semantics of sentential logic. The language L of sentential logic. Symbols of L: Remarks: (i) sentence letters p 0, p 1, p 2,... (ii)

More information

20.1 2SAT. CS125 Lecture 20 Fall 2016

20.1 2SAT. CS125 Lecture 20 Fall 2016 CS125 Lecture 20 Fall 2016 20.1 2SAT We show yet another possible way to solve the 2SAT problem. Recall that the input to 2SAT is a logical expression that is the conunction (AND) of a set of clauses,

More information

Notes on Complexity Theory Last updated: October, Lecture 6

Notes on Complexity Theory Last updated: October, Lecture 6 Notes on Complexity Theory Last updated: October, 2015 Lecture 6 Notes by Jonathan Katz, lightly edited by Dov Gordon 1 PSPACE and PSPACE-Completeness As in our previous study of N P, it is useful to identify

More information

Automated Program Verification and Testing 15414/15614 Fall 2016 Lecture 3: Practical SAT Solving

Automated Program Verification and Testing 15414/15614 Fall 2016 Lecture 3: Practical SAT Solving Automated Program Verification and Testing 15414/15614 Fall 2016 Lecture 3: Practical SAT Solving Matt Fredrikson mfredrik@cs.cmu.edu October 17, 2016 Matt Fredrikson SAT Solving 1 / 36 Review: Propositional

More information

Linear-time Temporal Logic

Linear-time Temporal Logic Linear-time Temporal Logic Pedro Cabalar Department of Computer Science University of Corunna, SPAIN cabalar@udc.es 2015/2016 P. Cabalar ( Department Linear oftemporal Computer Logic Science University

More information

Nested Epistemic Logic Programs

Nested Epistemic Logic Programs Nested Epistemic Logic Programs Kewen Wang 1 and Yan Zhang 2 1 Griffith University, Australia k.wang@griffith.edu.au 2 University of Western Sydney yan@cit.uws.edu.au Abstract. Nested logic programs and

More information

Constraint Solving for Program Verification: Theory and Practice by Example

Constraint Solving for Program Verification: Theory and Practice by Example Constraint Solving for Program Verification: Theory and Practice by Example Andrey Rybalchenko Technische Universität München Abstract. Program verification relies on the construction of auxiliary assertions

More information

Motivation. CS389L: Automated Logical Reasoning. Lecture 10: Overview of First-Order Theories. Signature and Axioms of First-Order Theory

Motivation. CS389L: Automated Logical Reasoning. Lecture 10: Overview of First-Order Theories. Signature and Axioms of First-Order Theory Motivation CS389L: Automated Logical Reasoning Lecture 10: Overview of First-Order Theories Işıl Dillig Last few lectures: Full first-order logic In FOL, functions/predicates are uninterpreted (i.e., structure

More information

Lecture 23: Alternation vs. Counting

Lecture 23: Alternation vs. Counting CS 710: Complexity Theory 4/13/010 Lecture 3: Alternation vs. Counting Instructor: Dieter van Melkebeek Scribe: Jeff Kinne & Mushfeq Khan We introduced counting complexity classes in the previous lecture

More information

Constraint Solving for Finite Model Finding in SMT Solvers

Constraint Solving for Finite Model Finding in SMT Solvers myjournal manuscript No. (will be inserted by the editor) Constraint Solving for Finite Model Finding in SMT Solvers Andrew Reynolds Cesare Tinelli Clark Barrett Received: date / Accepted: date Abstract

More information

Tecniche di Verifica. Introduction to Propositional Logic

Tecniche di Verifica. Introduction to Propositional Logic Tecniche di Verifica Introduction to Propositional Logic 1 Logic A formal logic is defined by its syntax and semantics. Syntax An alphabet is a set of symbols. A finite sequence of these symbols is called

More information

Lecture Notes on Inductive Definitions

Lecture Notes on Inductive Definitions Lecture Notes on Inductive Definitions 15-312: Foundations of Programming Languages Frank Pfenning Lecture 2 August 28, 2003 These supplementary notes review the notion of an inductive definition and give

More information

Linear Temporal Logic and Büchi Automata

Linear Temporal Logic and Büchi Automata Linear Temporal Logic and Büchi Automata Yih-Kuen Tsay Department of Information Management National Taiwan University FLOLAC 2009 Yih-Kuen Tsay (SVVRL @ IM.NTU) Linear Temporal Logic and Büchi Automata

More information

Solving SAT Modulo Theories

Solving SAT Modulo Theories Solving SAT Modulo Theories R. Nieuwenhuis, A. Oliveras, and C.Tinelli. Solving SAT and SAT Modulo Theories: from an Abstract Davis-Putnam-Logemann-Loveland Procedure to DPLL(T) Mooly Sagiv Motivation

More information

Classical First-Order Logic

Classical First-Order Logic Classical First-Order Logic Software Formal Verification Maria João Frade Departmento de Informática Universidade do Minho 2008/2009 Maria João Frade (DI-UM) First-Order Logic (Classical) MFES 2008/09

More information

Cardinality Networks: a Theoretical and Empirical Study

Cardinality Networks: a Theoretical and Empirical Study Constraints manuscript No. (will be inserted by the editor) Cardinality Networks: a Theoretical and Empirical Study Roberto Asín, Robert Nieuwenhuis, Albert Oliveras, Enric Rodríguez-Carbonell Received:

More information
2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback